Slashdot Mirror


Stop Fixing All Security Vulnerabilities, Say B-Sides Security Presenters

PMcGovern writes "At BSidesLV in Las Vegas, Ed Bellis and Data Scientist Michael Roytman gave a talk explaining how security vulnerability statistics should be done: 'Don't fix all security issues. Fix the security issues that matter, based on statistical relevance.' They looked at 23,000,000 live vulnerabilities across 1,000,000 real assets, which belonged to 9,500 clients, to explain their thesis."

3 of 88 comments

  1. Re:A better way to phrase it: by Joce640k · Score: 5, Funny

    Everybody knows hackers will just shrug and give up after you fix 90% of your vulnerabilities.

    --
    No sig today...
  2. Re:Really? by robot256 · Score: 4, Funny

    If you line up all of your straw men in a row, they will look like an army and scare your opponent away.

  3. Re: erm, no? by AliasMarlowe · Score: 4, Funny

    Theoretically, there should be some computer scientists who know how to use English.

    Theory and reality are the same, in theory. In reality, however...

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire